Technical Tip: How to disable IPS Intelligent-mode
Description
This article describes how to disable IPS Intelligent-mode in v6.4.3 and later.
By default, Intelligent-mode is enabled, and the IPS engine performs adaptive scanning to speed up the scan job and offload the traffic sooner.
IPS Intelligent-mode can be disabled in case it is necessary to scan traffic end-to-end (all bytes).
Scope
FortiGate v6.4.3, 7.0 and 7.2.
Solution
V6.4.2 and earlier:
In v6.4.2 and earlier versions, intelligent-mode (enabled by default) can be disabled in the IPS global settings so that every single byte of traffic is scanned, based on the customer's requirements.
config ips global
    set intelligent-mode disable
end
V6.4.3 and later:
Starting from v6.4.3, the IPS Intelligent-mode option has been removed from the CLI, and intelligent-mode is enabled by default when the regular IPS Database is in use.
When using the regular IPS Database, intelligent-mode can be disabled by configuring a custom IPS signature with the parameter (--skip-after 0). More information on Custom IPS Signature: Creating IPS and application control signatures
When using the extended IPS Database, IPS intelligent-mode is disabled by default and traffic is scanned end to end. Most high-end platforms have the extended DB loaded by default.
config ips global
    set database extended
end
V7.0.0 and later:
The configuration to enable/disable the intelligent mode has been removed from the CLI: Changes in CLI
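To confirm which of the cases above applies to a given device, a configuration backup can be checked offline. The following is an added example, not Fortinet code: the function names, the backup header format (#config-version=MODEL-x.y.z-...), and the sample backups with their abbreviated signature body are assumptions made for illustration.

```python
import re

def block(cfg, name):
    """Body lines of the first 'config <name>' block (nested blocks kept)."""
    out, depth = [], 0
    for line in cfg.splitlines():
        s = line.strip()
        if depth == 0:
            depth = 1 if s == f"config {name}" else 0
            continue
        if s.startswith("config "):
            depth += 1
        elif s == "end":
            depth -= 1
            if depth == 0:
                break
        out.append(s)
    return out

def full_scan_status(cfg):
    """Report whether the backup shows end-to-end IPS scanning configured."""
    # Assumed header format: #config-version=<model>-<major>.<minor>.<patch>-...
    m = re.search(r"^#config-version=[^-\s]+-(\d+)\.(\d+)\.(\d+)-", cfg, re.M)
    if not m:
        return "unknown: no config-version header"
    glob = block(cfg, "ips global")
    if tuple(map(int, m.groups())) <= (6, 4, 2):
        if "set intelligent-mode disable" in glob:
            return "full scan: intelligent-mode disabled"
        return "adaptive: intelligent-mode at default (enabled)"
    if "set database extended" in glob:
        return "full scan: extended database"
    if any(re.search(r"--skip-after\s+0\b", l) for l in block(cfg, "ips custom")):
        return "full scan: custom signature with --skip-after 0"
    # Backups omit default values, and the default database differs per platform.
    return "not confirmed: no explicit database setting or --skip-after 0 signature"

# Constructed sample backups; the signature body is abbreviated, not a valid rule.
HDR = "#config-version=FGT60F-{}-FW-build0000-000000:opmode=0:vdom=0\n"
OLD = HDR.format("6.4.2") + "config ips global\n    set intelligent-mode disable\nend\n"
EXT = HDR.format("7.0.5") + "config ips global\n    set database extended\nend\n"
SIG = HDR.format("6.4.9") + ('config ips custom\n    edit "full-scan"\n'
      '        set signature "F-SBID( ...; --skip-after 0; )"\n    next\nend\n')
NONE = HDR.format("7.2.4") + "config ips global\nend\n"

if __name__ == "__main__":
    for label, cfg in [("OLD", OLD), ("EXT", EXT), ("SIG", SIG), ("NONE", NONE)]:
        print(label, "->", full_scan_status(cfg))
```

A "not confirmed" result means the backup alone cannot settle the question, because the extended database may be the platform default and defaults do not appear in a backup.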